Scanning an Active Directory OU and adding each group into Passwordstate

Purpose:

Currently, as of Build 8782, Passwordstate does not have a feature in the User Interface to scan an Active Directory OU and automatically add in all the security groups. This PowerShell script can do this as an alternative way, which will search an Organisational Unit of your choice and add each security group in via the Passwordstate API.

The Security Groups will automatically sync all members within about 1 minute of being added into the system.

You must be running Passwordstate 8782 for this to work, and you'll find the Security Groups API key under Administration -> System Settings -> API

The script is listed below, and you could potentially put this into a Windows Scheduled Task to run on a regular schedule. Please change the variables on lines 2, 3, 4 and 5 to suit your environment:

#Set the following core variables in lines 2, 3, 4 & 5
$APIKey = "6c27d83f5a9b43e79843b632fe5dac5e"
$PasswordstateURL = "https://sandbox.contoso.com"
$Domain = "contoso"
$OUtoScan = "OU=Test,OU=Sandbox Testing,DC=contoso,DC=com"

#Begin Script

#Load the Active Directory module, which provides Get-ADObject
Import-Module ActiveDirectory

#Construct API URL for use later in script
$APIURL = $PasswordstateURL + "/api"

#Find Security Groups in OU
$SecurityGroups = (Get-ADObject -Filter 'ObjectClass -eq "group"' -SearchBase $OUtoScan).Name

#Cycle through array and add each security group to Passwordstate
foreach ($SecurityGroup in $SecurityGroups)
{
    #Data for the JSON request body
    $Body = @{
        SecurityGroupName = $SecurityGroup
        ADDomainNetBIOS = $Domain
        APIKey = $APIKey
    }

    #Convert hashtable to JSON
    $jsonData = $Body | ConvertTo-Json

    #Add the group to Passwordstate
    $result = Invoke-RestMethod -Method Post -Uri "$APIURL/securitygroup" -ContentType "application/json" -Body $jsonData
}

Regards,

Support.

 

 

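Added example, not part of the original post: a variant of the script above for unattended use as a scheduled task, which keeps the API key out of the script file, restricts the scan to security groups, and logs each result without stopping on the first failure. The key file path, log file path and the `PasswordstateAPI` label are hypothetical; the endpoint and request fields are the ones used in the post.

```powershell
# Assumption: the key file was created once, by the account that runs the task, with:
#   Get-Credential -UserName 'PasswordstateAPI' -Message 'Paste API key' |
#       Export-Clixml -Path 'C:\Scripts\passwordstate-api.cred.xml'
# On Windows, Export-Clixml protects the password with DPAPI, so only that
# account on that machine can decrypt it.

Import-Module ActiveDirectory

$PasswordstateURL = "https://sandbox.contoso.com"
$Domain           = "contoso"
$OUtoScan         = "OU=Test,OU=Sandbox Testing,DC=contoso,DC=com"
$KeyFile          = "C:\Scripts\passwordstate-api.cred.xml"   # hypothetical path
$LogFile          = "C:\Scripts\passwordstate-groups.log"     # hypothetical path

# Windows PowerShell 5.1 may default to older TLS versions; require TLS 1.2
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

# Decrypt the API key in memory only
$APIKey = (Import-Clixml -Path $KeyFile).GetNetworkCredential().Password

# Only security groups (the ObjectClass filter also matches distribution groups)
$SecurityGroups = Get-ADGroup -Filter 'GroupCategory -eq "Security"' -SearchBase $OUtoScan

foreach ($Group in $SecurityGroups)
{
    $jsonData = @{
        SecurityGroupName = $Group.Name
        ADDomainNetBIOS   = $Domain
        APIKey            = $APIKey
    } | ConvertTo-Json

    try
    {
        Invoke-RestMethod -Method Post -Uri "$PasswordstateURL/api/securitygroup" `
            -ContentType "application/json" -Body $jsonData | Out-Null
        $status = "ok"
    }
    catch
    {
        # Record the failure and continue with the next group
        $status = "FAILED: $($_.Exception.Message)"
    }

    # Log the group name and outcome, never the request body (it holds the key)
    "{0:s} {1} {2}" -f (Get-Date), $Group.Name, $status | Add-Content -Path $LogFile
}
```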
  • 1 year later...

Hi,

This will be very useful for my operation. I have a script that creates folders, passwordlist & relevant AD groups. Currently I manually sync PasswordState with AD for the groups, but now I will be able to add sync & possibly add users to these groups in one go.

Thank you.

Emad :)
